Tech Support Forum > Networking Forum > Security and Firewalls

Can AES-256 be broken?

Post #1, truthseeker, 06-14-2008, 03:39 PM

I am using 7z to create archives and to encrypt them.

http://www.7-zip.org/

7z uses AES-256 password encryption.

But I have seen some 7z password recovery programs on the internet.

Does this mean someone can crack or break my 7z AES-256 encrypted files?

I am using a non-dictionary password that is 14 characters long.

How long would it take, using the latest PCs, a brute-force attack on my 7z AES-256 archives to find and crack the password?

Post #2, koala, 06-14-2008, 05:43 PM

Have you seen the latest replies to this question in your other thread? http://www.wilderssecurity.com/showthread.php?p=1261571

Quote, originally posted by Pleonasm (post #19):
> …taking maximum advantage of the full strength of AES encryption requires a password of approximately 32 characters for 128-bit encryption and 64 characters for 256-bit encryption.

Quote, originally posted by dantz (post #20):
> I hope you realize that every time you open one of your encrypted files it's written to a temp folder as plaintext. This is the major weakness of all zip encryption. So keep on wiping! Or choose a method of encryption that doesn't write plaintext to disk.

Post #3, truthseeker, 06-14-2008, 05:48 PM

Quote, originally posted by koala:
> Have you seen the latest replies to this question in your other thread? http://www.wilderssecurity.com/showthread.php?p=1261571

Is Wildersecurity run by the same people who run this website?

I asked there as well as it seems to have more traffic there.
Post #4, koala, 06-14-2008, 05:54 PM

No, we're not affiliated with Wildersecurity at all, but I think some of our Security team post over there. It just takes a quick google to find cross-posts.

It looks like you'll need to increase the length of your password to get better encryption. Also, if the data is really private and you've opened the file, remember to wipe the drive's free space after deleting it with something like Sure Delete.
Post #5, sobeit, 06-14-2008, 06:03 PM

Quote, originally posted by truthseeker:
> I am using 7z to create archives and to encrypt them.
>
> http://www.7-zip.org/
>
> 7z uses AES-256 password encryption.
>
> But I have seen some 7z password recovery programs on the internet.
>
> Does this mean someone can crack or break my 7z AES-256 encrypted files?
>
> I am using a non-dictionary password that is 14 characters long.
>
> How long would it take, using the latest PCs, a brute-force attack on my 7z AES-256 archives to find and crack the password?

Anything can be cracked. As they say about locks, they are made for the innocent, not the guilty. As far as how long it would take, it depends upon the person and their tools.
Post #6, koala, 06-14-2008, 06:08 PM

Quote, originally posted by truthseeker:
> I am using a non-dictionary password that is 14 characters long.
>
> How long would it take, using the latest PCs, a brute-force attack on my 7z AES-256 archives to find and crack the password?

There are too many variables to give an accurate answer - length of password, characters used, speed of CPU, program/method used for cracking, etc. I think if anyone wanted access to the encrypted data, they would probably get a quicker result by using data recovery software to go through your 'deleted' files rather than try to crack the zip password.
Post #7, truthseeker, 06-14-2008, 07:35 PM

Quote, originally posted by koala:
> No, we're not affiliated with Wildersecurity at all, but I think some of our Security team post over there. It just takes a quick google to find cross-posts.
>
> It looks like you'll need to increase the length of your password to get better encryption. Also, if the data is really private and you've opened the file, remember to wipe the drive's free space after deleting it with something like Sure Delete.

Yep, good comment. I have increased my password from 14 to 26, and believe it or not, I remember it in my head :-)

And yes another good point, I use Eraser to do a wipe of the original file itself and the free space.

Thank you for your help. I am happy and content now to keep using the 7z AES-256 encryption and confident it will protect me from the average person if they ever gain access to my laptop.

P.S. So using Google I guess you find a lot of cross-posts, you sneaky bugger :) hehe.
Post #8, truthseeker, 06-14-2008, 07:37 PM

Quote, originally posted by sobeit:
> Anything can be cracked. As they say about locks, they are made for the innocent, not the guilty. As far as how long it would take, it depends upon the person and their tools.

Yep. And the time it would take an average person who may gain access to my laptop to break my 7z program's AES-256 encryption, by then I would probably have changed my bank details and PINs :) So then their cracked 7z file would be useless anyway :)
Post #9, MarAttacker2000, 08-13-2008, 03:18 PM

Quote, originally posted by truthseeker:
> I am using 7z to create archives and to encrypt them.
>
> http://www.7-zip.org/
>
> 7z uses AES-256 password encryption.
>
> But I have seen some 7z password recovery programs on the internet.
>
> Does this mean someone can crack or break my 7z AES-256 encrypted files?
>
> I am using a non-dictionary password that is 14 characters long.
>
> How long would it take, using the latest PCs, a brute-force attack on my 7z AES-256 archives to find and crack the password?

People are dancing around the easy answers:

1. Yes you can crack a 14 character pw. Did you find the name of one of the programs targeted at 7zip yet? There are a bunch. I'm getting 12.8 million guesses/sec on my spare box right now. Usually on this sort of game I have one machine that knocks out dictionaries and small pw/low number of character classes. Then I have a stack of g5s that sit there and crank through in parallel for harder longer pws. When I guess them, I send my users email and tell them their pw and request they reset.

2. Govt cracking - Ever heard of a DSP? There are 2 main concepts. Dedicated chips and hashes. Chips that have a sole job of decrypting, or in the smart case of encrypting. All smart agencies have loads of hardware generating hash tables. There are many creative ways even with salts to get around this stuff. Anyhow brute force is dumb. A simple database lookup and then a trial of those hashes is fast and easy. Your 14 char pw was pwned before you even wrote it.
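
The estimate asked for in post #1, worked through with the figures that appear in the thread (an added example, not part of any post). It assumes a uniformly random password, takes the 12.8 million guesses/sec rate from post #9 as stated without verifying it, and uses assumed alphabet sizes; the function names are made up for this sketch.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
RATE_FROM_THREAD = 12.8e6  # guesses/sec claimed in post #9, taken as stated

# Assumed alphabets (not from the thread): characters drawn uniformly at random.
ALPHABETS = {"digits": 10, "lowercase": 26, "mixed+digits": 62, "printable": 95}


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, guesses_per_sec=RATE_FROM_THREAD):
    """Years to try every password of exactly this length (worst case)."""
    return alphabet_size ** length / guesses_per_sec / SECONDS_PER_YEAR


def min_length_for_bits(target_bits, alphabet_size):
    """Shortest random password whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def report(lengths=(14, 26)):
    """Rows of (alphabet, length, entropy bits, years) for the thread's lengths."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            rows.append((name, n, round(entropy_bits(n, size), 1),
                         years_to_exhaust(n, size)))
    return rows


if __name__ == "__main__":
    for name, n, bits, years in report():
        print(f"{name:13s} len={n:2d}  {bits:6.1f} bits  {years:.3g} years")
    # Length at which the password, not the AES key, stops being the weak link.
    for key_bits in (128, 256):
        for name, size in ALPHABETS.items():
            print(f"AES-{key_bits}: {min_length_for_bits(key_bits, size)} "
                  f"random {name} characters")
    # A 16-symbol (hex) alphabet reproduces the 32/64 figures quoted in post #2.
    print(min_length_for_bits(128, 16), min_length_for_bits(256, 16))
```

At the stated rate, a 14-character password ranges from months (digits only) to trillions of years (full printable set) on alphabet size alone, which is the "too many variables" point made in post #6.
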
Post #10, johnwill, 08-13-2008, 04:11 PM

And why would you bother?
Post #11, truthseeker, 08-18-2008, 02:22 PM

Quote, originally posted by MarAttacker2000:
> People are dancing around the easy answers:
>
> 1. Yes you can crack a 14 character pw. Did you find the name of one of the programs targeted at 7zip yet? There are a bunch. I'm getting 12.8 million guesses/sec on my spare box right now. Usually on this sort of game I have one machine that knocks out dictionaries and small pw/low number of character classes. Then I have a stack of g5s that sit there and crank through in parallel for harder longer pws. When I guess them, I send my users email and tell them their pw and request they reset.
>
> 2. Govt cracking - Ever heard of a DSP? There are 2 main concepts. Dedicated chips and hashes. Chips that have a sole job of decrypting, or in the smart case of encrypting. All smart agencies have loads of hardware generating hash tables. There are many creative ways even with salts to get around this stuff. Anyhow brute force is dumb. A simple database lookup and then a trial of those hashes is fast and easy. Your 14 char pw was pwned before you even wrote it.

You are full of words, no action. PROVE IT that you can crack an encrypted file.

I have uploaded an encrypted Winrar file and inside it there is a text file with a word written. Tell me the word written inside the file and prove you can crack it.

Grab the file from here:

http://rapidshare.com/files/138330671/encrypted.rar

NO TALK, ONLY ACTION! Crack that file, tell me the "secret word" inside the encrypted file.
Post #12, johnwill, 08-19-2008, 05:52 PM

That guy is all hat, no cattle.
Post #13, truthseeker, 08-19-2008, 08:37 PM

Quote, originally posted by johnwill:
> That guy is all hat, no cattle.

Well I am still waiting for MarAttacker2000 to show me some action. No more talk, just action.

I even sent MarAttacker2000 a private message giving him the challenge to break that encrypted file and tell me the word inside the text file. After all, he claimed he can break an encrypted file, and gave me the impression he is very good at it and has the "right tools".

Yet I am still waiting. And I guess I will be waiting for another 3 million years before he can break it LOL
Post #14, McNinja, 08-19-2008, 08:56 PM

nobody cares, hoho look at me talk I have no action only talk, MAD yet hehe

use truecrypt if you're worried about encryption
it uses 3 256 bit encryption programs and you can use a "File" key and a password
http://www.truecrypt.org/downloads.php

stop being so paranoid
If they stole your laptop all they would have to do is cool your ram down and transfer it to a separate laptop..... so HA!
http://forum.japantoday.com/viewtopic.php?f=11&t=981559
Post #15, peterhuang913, 08-19-2008, 08:59 PM

Dude, you're just paranoid. The truth is: any kind of encryption system can be cracked.

If I got my hands on your laptop, I'd just format it and use it as it is.

Quote, originally posted by truthseeker:
> Yep. And the time it would take an average person who may gain access to my laptop to break my 7z program's AES-256 encryption, by then I would probably have changed my bank details and PINs :) So then their cracked 7z file would be useless anyway :)

Number 1 problem with you: you keep your bank info on your computer.
Post #16, truthseeker, 08-19-2008, 10:42 PM

Quote, originally posted by Mcninjaguy:
> nobody cares, hoho look at me talk I have no action only talk, MAD yet hehe
>
> use truecrypt if you're worried about encryption
> it uses 3 256 bit encryption programs and you can use a "File" key and a password
> http://www.truecrypt.org/downloads.php
>
> stop being so paranoid
> If they stole your laptop all they would have to do is cool your ram down and transfer it to a separate laptop..... so HA!
> http://forum.japantoday.com/viewtopic.php?f=11&t=981559

Are you claiming that if I encrypt a file using Winrar or Truecrypt, all a person need do is "cool my ram down and transfer it to a separate laptop" and then wham, all encryption from the file is now gone and the files wide open? haha
Post #17, truthseeker, 08-19-2008, 10:43 PM

Quote, originally posted by peterhuang913:
> Dude, you're just paranoid. The truth is: any kind of encryption system can be cracked....

Full of words, all talk, no action.

Download the Winrar encrypted file I uploaded (see link above) and prove to me that you can crack the file :) PROVE IT!
Post #18, truthseeker, 08-19-2008, 10:45 PM

Quote, originally posted by peterhuang913:
> ...
>
> If I got my hands on your laptop, I'd just format it and use it as it is.
>
> Number 1 problem with you: you keep your bank info on your computer.

1. So you admit you couldn't access my current data? You could only format my HDD and lose all my encrypted data?

2. I have my banking details stored on a truecrypt partition and also stored in Keepass database. 2 layers of solid encryption. And I never type the information using keyboard.

So you claim you can get my bank details? LOL.
Post #19, peterhuang913, 08-20-2008, 07:15 AM

Dude, you need a chill-pill. There can be no action because it takes too long to crack such a silly thing. You're just SUPER PARANOID and you need to see a doctor about this condition of yours.
Post #20, johnwill, 08-20-2008, 07:40 AM

OK, I think we've enjoyed this topic enough, I'm going to close this one. Please keep the discussions on a technical level and don't resort to personal attacks.

All times are GMT -7.